Lucene search
K

3402 matches found

NVD
NVD
added 2026/06/17 1:19 p.m.6 views

CVE-2025-62340

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

5.3CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 12:17 p.m.14 views

CVE-2025-62340

HCL iControl is affected by CVE-2025-62340 (Inadequate Session Timeout). The vulnerability is a failure of the web application to automatically terminate user sessions after a period of inactivity. According to the provided sources, the affected product is HCL iControl, with impact described as C...

5.3CVSS5.2AI score0.00204EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50376

Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50599

Name of the Vulnerable Software and Affected Versions org.hl7.fhir.dstu2 affected versions not specified Description An incomplete patch in the org.hl7.fhir.dstu2 module allows an unauthenticated attacker to cause a Regular Expression Denial of Service ReDoS. While other modules were updated to...

7.5CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:55 p.m.7 views

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/12 2:10 p.m.30 views

CVE-2026-45416 Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS0.00461EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 1:16 p.m.16 views

CVE-2026-47197

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

7.2CVSS0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 11:52 a.m.33 views

CVE-2026-47197

CVE-2026-47197 concerns the Quest Bot for Discord. Before version 1.1.6, a moderator who has the relevant Discord permission can use the bot to moderate users who are higher in the Discord role hierarchy, provided the bot itself outranks the target. This bypasses Discord’s normal role hierarchy p...

7.2CVSS5.3AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 11:52 a.m.9 views

CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

7.2CVSS5.3AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:59 p.m.34 views

CVE-2026-45802

CVE-2026-45802 affects FPDI, a PHP library that reads pages from existing PDFs to use as templates in FPDF. The issue, present in versions prior to 2.6.7, allows an attacker to upload a small malicious PDF that exhausts memory or triggers script timeouts, causing the server-side process to crash ...

6CVSS5.4AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2026-47213

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.8 views

Improper Resource Shutdown or Release

Overview @boxlite-ai/boxlite is a BoxLite - Embeddable micro-VM runtime for secure, isolated code execution Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the...

7.1CVSS5.4AI score0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.12 views

Improper Resource Shutdown or Release

Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable...

7.1CVSS5.4AI score0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...

7.1CVSS5.4AI score0.00268EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:20 p.m.9 views

EUVD-2026-36197

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:20 p.m.7 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 10:20 p.m.27 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 10:20 p.m.25 views

CVE-2026-47213

Summary (CVE-2026-47213 / BoxLite) BoxLite’s execution timeout mechanism is vulnerable due to sending SIGALRM (catchable) to terminate a timed process instead of SIGKILL (uncatchable). The Timeout watcher invokes a sleep, then calls kill with SIGALRM, while the code comments indicate SIGKILL shou...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.25 views

Fedora 44 : tailscale (2026-07897c0238)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07897c0238 advisory. - update to 1.98.4 - Allow nftables to satisfy firewall dependency in lieu of iptables rhbz2453924 - Fix 45s timeout on shutdowns in certain cases...

5CVSS5.7AI score0.00153EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/08 11:1 p.m.26 views

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc.bufferhandshakeLength line 161. The guard at line 140 is handshakeLength maxClientHelloLength && maxClientHelloLength != 0, and the...

7.5CVSS5.7AI score0.00461EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder